Team

The Information Security function is part of the 2nd Line of Defence within our Compliance department. Its purpose is to define the methodological framework, policies, and procedures for managing ICT and information security risks across the organisation. We promote best practices for ICT risk governance and information security management to strengthen the bank’s overall resilience posture, in line with the Digital Operational Resilience Act (DORA) and related regulatory requirements.

This team provides independent oversight and challenge to the 1st Line of Defence by assessing, advising, and monitoring the implementation of ICT risk and security controls. Our working style is collaborative and aligned with our values of integrity, transparency, and accountability. We are committed to fostering an inclusive environment that values diverse perspectives and supports professional growth.

Your Responsibilities

• Review and challenge ICT risk assessments, including protection needs analyses, gap and maturity assessments, and target–actual comparisons.
• Contribute to the development and maintenance of the Information Security Management System (ISMS) in line with regulatory and corporate requirements.
• Develop, maintain, and enhance information security measures, controls, and policies aligned with ISO/IEC 2700x, DORA, and related frameworks.
• Support internal and external reviews, audits, and assessments, including those of third-party service providers.
• Review contractual arrangements to ensure compliance with ICT risk and information security standards.
• Communicate security risks, requirements, and expectations to business and technology stakeholders.
• Prepare management reports and presentations for executive stakeholders and oversight bodies.
• Monitor emerging regulatory requirements and translate them into actionable improvements for the ISMS and ICT risk framework.

Your Profile

• Experience in Information Security, ICT Risk Management, or related fields.
• Strong understanding of frameworks like ISO 2700X, NIST, DORA, or equivalent.
• Background in financial services, payments, or other regulated environments is a plus.
• Excellent interpersonal skills with the ability to influence, consult, and engage stakeholders at various levels.
• Ability to structure complex risk topics and drive initiatives independently.
• Analytical and structured working style with hands-on project management skills.
• Knowledge of modern ICT and cybersecurity technologies, particularly in cloud and infrastructure settings.

Join our mission, join our team – and grow with us!

At Raisin, we care about each other and it is one of our top priorities to foster an open and caring environment in which everyone feels welcome and comfortable. Our culture is strongly driven by our ambitious team, which connects more than 75 different nationalities.

As part of our team, you will benefit from:

• Employee Development Budget of €2,000 and four full training days per year.
• Flexible working hours, home office and 30 vacation days.
• A company pension scheme (Betriebliche Altersvorsorge), which we support with 20%.
• Enjoy more than 50+ different sports with Urban Sports Club: We subsidize your membership with more than €20 per month.
• Do you miss being in the office? The Deutschland Ticket gets you there, which we subsidize with €25 per month.
• Love cycling? With JobRad, lease the bike of your choice and enjoy tax savings, plus Raisin covers your monthly insurance costs.
• Hungry all the time? Snacks, daily fresh fruit as well as drinks provided at the office.
• You are moving from another country or city to join us? We may support your relocation.